Fake Security Center popup [RESOLVED]

baneman

Posted 15 August 2005 - 01:32 PM

Hi there
I hope you can help me with removing this unbelievably irritating malware popup.

It randomly (yet regularly) pops up. Clicking on the Yes button opens a browser window pointing to a so-called anti-spyware site. Clicking No merely puts off for a random amount of time the reoccurrence of the popup.

I have discovered that the beast responsible for this is rdsndin.exe - which I found when trying to close the so-called Windows Security Center via Task Manager.

This also seems to be associated with a taskbar creature that pops up a "balloon" purporting to have identified my firewall/anti-virus software as "being bad". The one always appears around the time of the other.

None of the usual Anti-spyware tools have found or identified this and I eventually reinstalled Windows XP - but a day later it was back (my reinstall was leaving my old settings).

I know for sure that the process doing the Security Centre popup is called rdsndin.exe as that is the program that "isn't responding" when I close Security Centre with Task Manager. The bottom right hand "balloon" icon I have no idea.

Excal

Posted 26 September 2005 - 04:19 PM

Download WinPFind and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Don't do anything with it yet.

Boot into safe mode.

Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

baneman

Posted 28 September 2005 - 11:42 AM

Cheers, ok here goes :

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 209 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 16 seconds.
---------- (total run time: 266 seconds)

Excal

Posted 28 September 2005 - 12:07 PM

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at or above REGEDIT 4.

Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

If you use Windows XP, Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Open HiJackThis

Click on the configure button on the bottom right

Click on the tab "Misc Tools"

Click on "Delete File on Reboot"

Navigate to this file - F:\WINDOWS\SYSTEM32\msexnpfi.exe

Double click on that file.

HJT asks you if you want to reboot, now. Click "no".

Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.

baneman

Posted 29 September 2005 - 03:29 AM

Excellent !

It's looking good, although it has gone through periods of inactivity before (it kept its head down for a couple of days after I reinstalled Windows), so I will keep a weather eye out in case it has another go.

If you are unhappy with your current antivirus and want to replace it or if you don't already have one, I suggest one of these free programs: *Note - do not use more than one anti-virus program as it will more than likely cause conflict.